Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

[Informational/Gas] Incorrect Event Emission in placeBid Function

0xhsn

[Informational/Gas] Incorrect Event Emission in placeBid Function

Description

The AuctionSettled event is incorrectly emitted during the placeBid function when a user places a regular bid. This event should only be emitted when an auction is actually settled (i.e., when the NFT is transferred to the winner and payment is distributed), not during the bidding process. This creates misleading event logs and wastes gas.

// BidBeastsNFTMarketPlace.sol:144-146

require(msg.sender != previousBidder, "Already highest bidder");

@> emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value); // BUG: Wrong event, auction not settled

// --- Regular Bidding Logic ---

The correct event should be BidPlaced, which is already emitted later in the function at line 180.

Risk

Likelihood:

Occurs on every regular bid placement
Does not affect buy-now purchases

Impact:

Misleading Event Logs: Off-chain systems and frontends will incorrectly interpret bids as settled auctions
Integration Issues: Indexers, analytics tools, and monitoring systems will receive false settlement data
Gas Waste: Emitting wrong event wastes gas for users
User Confusion: Users monitoring events will see contradictory data (AuctionSettled + BidPlaced for same transaction)
Audit Trail Corruption: Historical event logs become unreliable for tracking actual auction settlements

Proof of Concept

import {Vm} from "forge-std/Vm.sol";

function test_IncorrectEventEmission() public {

_mintNFT();

_listNFT();

// Place a bid

vm.prank(BIDDER_1);

vm.recordLogs();

market.placeBid{value: 0.02 ether}(TOKEN_ID);

Vm.Log[] memory logs = vm.getRecordedLogs();

// Check for AuctionSettled event (incorrect)

bool foundAuctionSettled = false;

bool foundBidPlaced = false;

for (uint i = 0; i < logs.length; i++) {

if (logs[i].topics[0] == keccak256("AuctionSettled(uint256,address,address,uint256)")) {

foundAuctionSettled = true;

}

if (logs[i].topics[0] == keccak256("BidPlaced(uint256,address,uint256)")) {

foundBidPlaced = true;

}

// Both events are emitted, but auction is NOT settled

assertTrue(foundAuctionSettled, "AuctionSettled incorrectly emitted");

assertTrue(foundBidPlaced, "BidPlaced correctly emitted");

// Auction is still active

assertTrue(market.getListing(TOKEN_ID).listed, "Auction still active");

}

Recommended Mitigation

Remove the misplaced event emission:

function placeBid(uint256 tokenId) external payable isListed(tokenId) {

// ... existing checks ...

require(msg.sender != previousBidder, "Already highest bidder");

- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

// --- Regular Bidding Logic ---

// ... rest of function ...

}

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.